Jaco Geldenhuys

Stellenbosch University | SUN · Division of Computer Science

DTech


49 Publications · 8,790 Reads · 888 Citations


Publications (49)
Chapter
Satisfiability Modulo Theories (SMT) solvers play a major role in the success of symbolic execution as a program analysis technique. However, often they are still the main performance bottleneck. One approach to improve SMT performance is to use caching. The key question we consider here is whether caching strategies are still worthwhile given the pe...
Chapter
COASTAL is a program analysis tool for Java programs. It combines concolic execution and fuzz testing in a framework with built-in concurrency, allowing the two approaches to cooperate naturally.
Article
Full-text available
In the field of scientometrics, impact indicators and ranking algorithms are frequently evaluated using unlabelled test data comprising relevant entities (e.g., papers, authors, or institutions) that are considered important. The rationale is that the higher some algorithm ranks these entities, the better its performance. To compute a performance s...
Conference Paper
This paper provides a survey of recent work on adapting techniques for program analysis to compute probabilistic characterizations of program behavior. We survey how the frameworks of data flow analysis and symbolic execution have incorporated information about input probability distributions to quantify the likelihood of properties of program stat...
Conference Paper
Full-text available
Procedural texture generation enables the creation of more rich and detailed virtual environments without the help of an artist. However, finding a flexible generative model of real world textures remains an open problem. We present a novel Convolutional Neural Network based texture model consisting of two summary statistics (the Gramian and Transl...
Article
In the work presented in this paper, we analyse ranking algorithms that can be applied to bibliographic citation networks and rank academic entities such as papers and authors. We evaluate how well these algorithms identify important and high-impact entities. The ranking algorithms are computed on the Microsoft Academic Search (MAS) and the ACM digi...
Article
Lazy Initialization (LI) allows symbolic execution to effectively deal with heap-allocated data structures, thanks to a significant reduction in spurious and redundant symbolic structures. Bounded lazy initialization (BLI) improves on LI by taking advantage of precomputed relational bounds on the interpretation of class fields in order to reduce th...
Book
This book constitutes the refereed proceedings of the 22nd International Symposium on Model Checking Software, SPIN 2015, held in Stellenbosch, South Africa, in August 2015. The 18 papers presented – 14 regular papers and 4 tool or new idea papers – were carefully reviewed and selected from 27 submissions. They cover the field between theoretical a...
Conference Paper
Symbolic execution techniques have been proposed recently for the probabilistic analysis of programs. These techniques seek to quantify the likelihood of reaching program events of interest, e.g., assert violations. They have many promising applications but have scalability issues due to high computational demand. To address this challenge, we prop...
Article
Okhotin showed an exponential trade-off in the conversion from nondeterministic unary automata to unambiguous nondeterministic unary automata. We show that the trade-off in the case of unary symmetric difference automata to finitely (structurally) ambiguous unary symmetric difference automata is linear with constant 1 in the number of states. In pa...
Article
Full-text available
Symbolic PathFinder (SPF) is a software analysis tool that combines symbolic execution with model checking for automated test case generation and error detection in Java bytecode programs. In SPF, programs are executed on symbolic inputs representing multiple concrete inputs and the values of program variables are represented by expressions over th...
Conference Paper
Tight field bounds have been successfully used in the context of bounded-exhaustive bug finding. They allow one to check the correctness of, or find bugs in, code manipulating data structures whose size made this kind of analyses previously infeasible. In this article we address the question of whether tight field bounds can also contribute to a si...
Conference Paper
A result of Nicaud states that the number of distinct unary regular string languages recognized by minimal deterministic finite automata (DFAs) with n states is asymptotically equal to $n2^{n-1}$. We consider the analogous question for symmetric difference automata ($\mathbb{Z}_2$-NFAs), and show that precisely $2^{2n-1}$ unary languages are recognized by n-state m...
Conference Paper
Full-text available
The analysis of constraints plays an important role in many aspects of software engineering, for example constraint satisfiability checking is central to symbolic execution. However, the norm is to recompute results in each analysis. We propose a different approach where every call to the solver is wrapped in a check to see if the result is not alr...
Article
Full-text available
We examine the distributed breadth-first enumeration of a state space that is partitioned using a static partition function. Two of the key drawbacks of this approach are the high communication overhead and the excessive growth of the queues that hold states received from other nodes, ultimately resulting in memory exhaustion that causes premature...
Article
Full-text available
Symbolic execution has long been a popular technique for automated test generation and for error detection in complex code. Most of the focus has however been on programs manipulating integers, booleans, and references in object oriented programs. Recently researchers have started looking at programs that do lots of string processing; this is motiv...
Article
Full-text available
The continued development of efficient automated decision procedures has spurred the resurgence of research on symbolic execution over the past decade. Researchers have applied symbolic execution to a wide range of software analysis problems including: checking programs against contract specifications, inferring bounds on worst-case execution perfo...
Conference Paper
Full-text available
Okhotin [9] showed an exponential trade-off in the conversion from nondeterministic unary finite automata to unambiguous nondeterministic unary finite automata. In this paper, we consider the trade-off in the case of unary symmetric difference finite automata to finitely ambiguous unary symmetric difference finite automata. Surprisingly, the trade...
Article
Full-text available
We investigate ambiguity for symmetric difference nondeterministic finite automata. We show the existence of unambiguous, finitely ambiguous, polynomially ambiguous and exponentially ambiguous symmetric difference nondeterministic finite automata. We show that, for each of these classes, there is a family of n-state nondeterministic finite automata...
Conference Paper
Full-text available
It has been suggested that 20% of the participants in a free/libre/open source software (FLOSS) project contribute 80% of the work. This paper attempts to verify this claim for nine projects and for various metrics of user activity such as the number of contributions, duration of involvement with the project, and the number of modifications to sour...
Article
Full-text available
We consider two ways of inserting a key into a binary search tree: leaf insertion which is the standard method, and root insertion which involves additional rotations. Although the respective costs of constructing leaf and root insertion binary search trees, in terms of comparisons, are the same in the average case, we show that in the worst c...
Conference Paper
Full-text available
We describe the Impendulo tool for fine-grained analyses of programmer behavior. The initial design goal was to create a system to answer the following simple question: "What kind of mistakes do programmers make and how often do they make these mistakes?" However it quickly became apparent that the tool can be used to also analyze other fundamental...
Conference Paper
Full-text available
Partial order reduction methods combat state explosion by exploring only a part of the full state space. In each state a subset of enabled transitions is selected using well-established criteria. Typically such criteria are based on an upper approximation of dependencies between transitions. An additional heuristic is needed to ensure that currentl...
Conference Paper
Full-text available
We consider the problem of reducing the number of states of nondeterministic finite automata, and show how to encode the reduction as a Boolean satisfiability problem. This approach improves on previous work by reducing a more general class of automata. Experimental results show that it produces a minimal automaton in almost all cases and that the...
Article
Full-text available
Open source software and the associated development model hold great promise, but the issue of trust is a major challenge. This applies to companies wishing to adopt the open source model but also within open source projects. We investigate this issue by data mining open source repositories to study two related phenomena: update propagation and...
Conference Paper
Full-text available
In today’s business and software arena, more and more companies are adopting open source software. An example of this rising phenomenon is to base software products on highly reusable open source components. In this scenario, the evolution of the software product is coupled with the evolution of the open source component. A common assumption is...
Conference Paper
Full-text available
Minimal counterexamples are desirable, but expensive to compute. We propose four algorithms for computing small counterexamples that approximate the shortest case. Three of these use a new algorithm for automata-theoretic linear-time model checking, based on an early algorithm by Dijkstra for detecting strongly connected components. All four of the...
Conference Paper
Full-text available
Many different automata and algorithms have been investigated in the context of automata-theoretic LTL model checking. This article compares the behaviour of two variations on the widely used Büchi automaton, namely (i) a Büchi automaton where states are labelled with atomic propositions and transitions are unlabelled, and (ii) a form of testing au...
Chapter
Full-text available
Standard error back-propagation requires output data that is scaled to lie within the active area of the activation function. We show that normalizing data to conform to this requirement is not only a time-consuming process, but can also introduce inaccuracies in modelling of the data. In this paper we propose the gamma learning rule for feedforwar...
Article
State-of-the-art algorithms for on-the-fly automata-theoretic LTL model checking make use of nested depth-first search to look for accepting cycles in the product of the system and the Büchi automaton. Here, we present two new single depth-first search algorithms that accomplish the same task. The first is based on Tarjan's algorithm for detecting...
Conference Paper
Full-text available
State caching makes the full exploration of large state spaces possible by storing only a subset of the reachable states. While memory requirements are limited, the time consumption can increase dramatically if the subset is too small. It is often claimed that state caching is effective when the cache is larger than between 33% and 50% of the total...
Conference Paper
Full-text available
State-of-the-art algorithms for on-the-fly automata-theoretic LTL model checking make use of nested depth-first search to look for accepting cycles in the product of the system and the Büchi automaton. Here we present a new algorithm based on Tarjan’s algorithm for detecting strongly connected components. We show its correctness, describe how it ca...
Conference Paper
Full-text available
A novel, very memory-efficient hash table structure for representing a set of bit vectors — such as the set of reachable states of a system — is presented. Let the length of the bit vectors be w. There is an information-theoretic lower bound on the average memory consumption of any data structure that is capable of representing a set of at most n s...
Article
Full-text available
Spin is a verification system that can detect errors automatically by exploring the reachable state space of a system. The efficiency of verifiers like Spin depends crucially on the technique used for the representation of states. A number of recent proposals for more compact representations reduce the memory requirements, but cause a considerable in...
Conference Paper
Full-text available
Binary decision diagrams (BDDs) have proven to be a powerful technique for combating the state explosion problem. Their application to verification is usually centered around the computation of the transitive closure of some binary relation. The closure is usually computed with a fixed point algorithm that expands some set until it stops growing. U...
Article
Full-text available
Standard error back-propagation requires output data that is scaled to lie within the active area of the activation function. We show that normalizing data to conform to this requirement is not only a time-consuming process, but can also introduce inaccuracies in modelling of the data. In this paper we propose the gamma learning rule for feedforwar...
Article
Full-text available
A model checker is a program that verifies, without human assistance, that the formal description of a system has specified, desirable properties. The development of model checking algorithms is an active area of research, but most implementations are still prototypical in nature. In consequence, knowledge about the design and implementation of a p...
Conference Paper
Full-text available
Spin is a verification system that can detect errors automatically by exploring the reachable state space of a system. The efficiency of verifiers like Spin depends crucially on the technique used for the representation of states. A number of recent proposals for more compact representations reduce the memory requirements, but cause a considerable...
Article
Full-text available
The classical model checking algorithm for CTL stores the entire reachability graph in memory. By taking an automata-theoretic approach, it was recently shown that the more practical on-the-fly validation technique can be applied to CTL. However, no implementation has been described yet. In this paper we describe an on-the-fly validation system for...
Article
Computer systems are frequently used in our day-to-day activities. The failure of these systems in some application areas could result in loss of lives and resources, thus their correctness is of paramount importance. In this essay, we discuss the concept of model checking – an automatic verification technique for software and hardware sys...
Article
Symmetric difference automata are a special case of automata with multiplicities, and have received attention since 1997. This chapter provides a unified survey of the current state of the art for symmetric difference automata. Special attention is paid to the case of unary automata.
Article
Full-text available
2nd AFRA Conference on ICT, Medical School of the University of Stellenbosch, Tygerberg Campus, 16-17 November 2009. The ever-increasing reliance of society on computers has led to a need for highly reliable systems. Computer systems perform critical functions in a number of areas ranging from online transaction processing (such as banking systems)...
